Bugtraq mailing list archives
Re: Possible DoS in rsh
From: kragen () POBOX COM (Kragen)
Date: Thu, 15 Oct 1998 12:08:38 -0400
On Tue, 6 Oct 1998, Shivan Dragon wrote:
[.rhosts -> /dev/null DOSes rsh, imapd] I'm pretty sure if I did the server's load could have been through the roof.
Something similar to this was posted for Apache a few months ago. It has been proposed that the appropriate way to handle this is for imapd, fingerd, rshd, Apache, etc. to check to see if the config file is a real file or is something else, and then to refuse to do anything with it if it's not. I think that this is rather the wrong way to approach it. If I have a 50G RAID array, I can create a sparse file of 50G for my .rhosts, which will probably take enough time for imapd to read to make an effective DOS. And having such files attached to named pipes, etc., can really be quite useful. A more effective and less restrictive solution would be to put arbitrary, possibly configurable, limits on the amount of the configuration file that is paid attention to. Perhaps 100K would be reasonable for .rhosts. Kragen -- <kragen () pobox com> Kragen Sitaker <http://www.pobox.com/~kragen/> A well designed system must take people into account. . . . It's hard to build a system that provides strong authentication on top of systems that can be penetrated by knowing someone's mother's maiden name. -- Schneier
Current thread:
- Possible DoS in rsh Shivan Dragon (Oct 06)
- WARNING: By-passing MS Proxy packet filtering Mnemonix (Oct 06)
- tooltalk vulnerable on Digital Unix ?? Andrew Daviel (Oct 08)
- Re: Possible DoS in rsh Nick Andrew (Oct 08)
- Secure Locate v1.0 Kevin Lindsay (Oct 08)
- Re: Possible DoS in rsh Kragen (Oct 15)
- <Possible follow-ups>
- Re: Possible DoS in rsh Henrik Nordstrom (Oct 08)